Netgate Discussion Forum
    DNS Forwarder Host Overrides

    DHCP and DNS

      johnpoz LAYER 8 Global Moderator

      So when you query pfsense for intranet.udll.lan what do you get back?

      Let's see your nslookup or dig… This really is 2 seconds to set up..

      example.png

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        gigaboy

        Attached.  I do have the host override configured as per your screenshot.

        2018-02-21_13-12-21.jpg

          johnpoz LAYER 8 Global Moderator

          Well as you see your client is asking 208.67.220.220

          On your nslookup command set server to pfsense IP address.

            gigaboy

            Attached, I have an override set for firewall (pfsense) and it finds it, but I still can't use a web browser to browse to it locally.

            2018-02-21_13-32-01.jpg

              johnpoz LAYER 8 Global Moderator

              So you don't know how to use nslookup is problem 1 ;)

              If pfsense is on 192.168.1.1 then set your server to that in your nslookup command..

              Here are some examples…

              So do this

              nslookup [-opt …] host server # just look up 'host' using 'server'

              nslookup intranet.udll.lan 192.168.1.1

              See, I ask my pihole that is running for another box on my network, where i5-win.local.lan is the host I am looking for and 192.168.3.10 is the nameserver I am asking.

              nslookup i5-win.local.lan 192.168.3.10
              Server:  pi-hole.local.lan
              Address:  192.168.3.10

              Name:    i5-win.local.lan
              Address:  192.168.9.100

              Or you can do it this way..

              Where I run nslookup it shows the default server it's using, and then change it with the server command, then ask it what I am looking for.

              nslookup
              Default Server:  sg4860.local.lan
              Address:  192.168.9.253

              server 192.168.3.10
              Default Server:  pi3-2.local.lan
              Address:  192.168.3.10

              i5-win.local.lan
              Server:  pi3-2.local.lan
              Address:  192.168.3.10

              Non-authoritative answer:
              Name:    i5-win.local.lan
              Address:  192.168.9.100

                gigaboy

                attached

                2018-02-21_13-50-46.jpg

                  johnpoz LAYER 8 Global Moderator

                  Well there you go, see it's working just fine… Now you just need to make sure your clients are actually asking pfsense for dns..

                  From your previous test since it defaults to open then no it's never going to work... Your clients should be pointing at only 1 DNS and that is pfsense IP..

                  In pfsense dhcp the dns should be blank so it hands out pfsense IP as the dns server... What does your client show for dns with ipconfig /all?

                  dhcpandclient.png

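An added example, not part of the thread and not Netgate's code: a small parser for `ipconfig /all` output that lists each adapter's DNS servers and flags any resolver other than the firewall, the condition under which host overrides (and any DNS filtering on the firewall) are bypassed. The sample output is constructed, and the firewall address 192.168.1.1 is the hypothetical one used earlier in the thread.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not copied from the thread's screenshots).
SAMPLE = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Key . . . . : value" lines; bare continuation lines do not match.
KEY_LINE = re.compile(r"^\s+(\S.*?)[\s.]*:\s(.*)$")

def _as_ip(text):
    try:  # drop an IPv6 zone id such as "%12" before validating
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        match = KEY_LINE.match(line)
        if match:  # a new key ends any DNS continuation block
            in_dns, line = match.group(1) == "DNS Servers", match.group(2)
        ip = _as_ip(line) if in_dns and current else None
        if ip:
            adapters[current].append(ip)
    return adapters

def stray_resolvers(output, firewall_ip="192.168.1.1"):
    """Adapters whose DNS list contains anything other than the firewall."""
    found = dns_servers_by_adapter(output)
    return {a: [s for s in ips if s != firewall_ip]
            for a, ips in found.items() if any(s != firewall_ip for s in ips)}
```
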

                    gigaboy

                    Attached.  My machine is set to use dhcp.
                    If I only use pfSense as the DNS, then how do I resolve external addresses when surfing the web?

                    2018-02-21_14-42-20.jpg

                      johnpoz LAYER 8 Global Moderator

                      "how do I resolve external addresses when surfing the web?"

                      Pfsense would forward them to your opendns if that is where you're forwarding

                      How would you expect your host overrides to work if you're not even asking pfsense for anything..

                      BTW why are you running teredo if you have native dual stack running?  I would clean up your ipv6..

                        gigaboy

                        Do I even need ipv6? I configured it when Spectrum upgraded our service here.

                        I didn't know there was such a thing as teredo.

                        I was able to disable it on Win 10 machines.

                        I did as you suggested in the screenshot with removing the dns servers, and it all works!

                        Thanks for your time and help!

                        Mark

                          johnpoz LAYER 8 Global Moderator

                          Do you need it? No, you don't. There are zero resources that I am aware of that are only available via ipv6 other than maybe some darkweb or p0rn sites..

                          As you saw my windows box is clean - but I can click 1 button and then it has IPv6 and I can test stuff via IPv6 if I want, etc..

                          Here I enabled ipv6 on its lan and bing bang zoom I can talk IPv6 to internet, etc..

                          ipv6.png